Short answer is no, but with just a bit of work it should be possible and quite useful. I created a feature request.

NTLM messages (those tickets after NTLM in the HTTP headers) start with NTLMSSP (0x4e544c4d53535000), followed by the NTLM message type. This type is not the NTLM version, but the step in the protocol. The type is followed by flags; in some combinations they indicate a client that wants to do NTLMv2 and a server agreeing to do that.

In Java, there's a class waffle.util.NtlmMessage that wraps an NTLM message. Subsequently waffle.util.AuthorizationHeader uses this class. Maybe you could read the protocol, extend NtlmMessage and add some code that would identify which version of NTLM the ticket is, then trace which protocol is used in the filters (debug mode) - NTLMv1, NTLMv2, Kerberos, something else.

Of course. There's a section in the doc on contributing and setting up a dev environment. Upload patches to http://waffle.codeplex.com/SourceControl/PatchList.aspx (you can see some people who have contributed). If you do a good job with a patch or two you get actual commit access.
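
A sketch of the inspection described above, added here as an example and not part of Waffle or of the original post: it decodes an Authorization header value, checks the NTLMSSP signature, reads the message type and negotiate flags, and goes one step further by reading the NT response length in a Type 3 message. The class name `NtlmInspector` is hypothetical, the field offsets are taken from the MS-NLMP specification, and the sample inputs in `main` are constructed.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.util.Arrays;
import java.util.Base64;

public class NtlmInspector { // hypothetical name, not a Waffle class
    // "NTLMSSP\0", the signature quoted above (0x4e544c4d53535000)
    private static final byte[] SIGNATURE = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};
    // NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY (MS-NLMP)
    private static final int EXTENDED_SESSION_SECURITY = 0x00080000;

    /** Describes the token of an "NTLM <base64>" or "Negotiate <base64>" header value. */
    static String describe(String headerValue) {
        String[] parts = headerValue.trim().split("\\s+", 2);
        if (parts.length != 2) return "malformed header";
        byte[] msg;
        try {
            msg = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return "malformed base64";
        }
        if (msg.length < 12 || !Arrays.equals(Arrays.copyOf(msg, 8), SIGNATURE)) {
            return "not a raw NTLM message (possibly SPNEGO/Kerberos)";
        }
        ByteBuffer buf = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN);
        int type = buf.getInt(8); // protocol step (1, 2 or 3), not the NTLM version
        int flagsOffset = type == 1 ? 12 : type == 2 ? 20 : type == 3 ? 60 : -1;
        if (flagsOffset < 0 || msg.length < flagsOffset + 4) {
            return "NTLM type " + type + ", truncated or unknown";
        }
        int flags = buf.getInt(flagsOffset);
        String out = "NTLM type " + type + ", flags=0x" + Integer.toHexString(flags)
                + ", extendedSessionSecurity=" + ((flags & EXTENDED_SESSION_SECURITY) != 0);
        if (type == 3) {
            int ntLen = buf.getShort(20) & 0xffff; // NtChallengeResponseLen
            // 24 bytes is an NTLMv1-family response; NTLMv2 responses are longer.
            out += ", ntResponseLen=" + ntLen + (ntLen > 24 ? " (NTLMv2)" : " (NTLMv1-style)");
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed Type 1 message: signature, type 1, flags 0x00088207, empty fields.
        byte[] t1 = ByteBuffer.allocate(32).order(ByteOrder.LITTLE_ENDIAN)
                .put(SIGNATURE).putInt(1).putInt(0x00088207).array();
        System.out.println(describe("NTLM " + Base64.getEncoder().encodeToString(t1)));
        // Constructed bytes that do not carry the NTLMSSP signature.
        System.out.println(describe("Negotiate YIIFzQYGKwYBBQUCoIIFwTCC"));
    }
}
```

The extended session security flag alone does not settle NTLMv1 versus NTLMv2; the length of the NT response in the Type 3 message is the more direct indicator, which is why the sketch reports both.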